The term to search for is 'honeypot'. There are many such scripts out there
on GitHub and on the web in general.
-----Original Message-----
From: 44Net [mailto:44net-bounces+don=00100100.net@hamradio.ucsd.edu] On
Behalf Of Jim MacKenzie
Sent: Thursday, September 29, 2016 12:17 PM
To: 'AMPRNet working group' <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] Security - Telnet (port tcp/23)
Rob, if you wouldn't mind emailing me privately (jim(a)photojim.ca) - unless
discussing it here is OK - I wouldn't mind hearing how you did the fake
telnetd. I think that's a brilliant idea.
Jim VE5EIS
-----Original Message-----
From: 44Net [mailto:44net-bounces+jim=photojim.ca@hamradio.ucsd.edu] On
Behalf Of Rob Janssen
Sent: September-29-16 1:10 PM
To: 44net(a)hamradio.ucsd.edu
Subject: Re: [44net] Security - Telnet (port tcp/23)
I have a fake telnetd running on one of my systems that simply presents the
user with a login prompt and logs what is being typed, and it shows endless
connections trying things like root/12345 root/password admin/admin etc.
They probably get into certain routers or other systems like that, then
install some trojan that does further scanning. This is also indicated by
certain loggings where they apparently believe they got logged in and then
send a long string like "wget something; chmod a+x something; ./something"
or similar.
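
One way to build the kind of fake telnetd described above, as an added example (not Rob's code and not part of the original thread): it shows a login prompt, logs what is typed, and executes nothing. The class and function names, port 2323, the log path, and the dead `$ ` prompt shown after any password are assumptions of this example.

```python
import asyncio, json, time

MAX_LINE, MAX_LINES = 256, 20   # caps so one client cannot flood the log

class FakeLogin:
    """Prompt sequence only: login, password, then a dead '$ ' prompt."""
    BANNER = b"\r\nlogin: "

    def __init__(self, peer, log):
        self.peer, self.log, self.user, self.state = peer, log, None, "login"

    def feed(self, raw):
        """Record one line from the client and return the next prompt."""
        # Printable ASCII only: control bytes and escape sequences never reach the log.
        text = bytes(b for b in raw[:MAX_LINE] if 32 <= b < 127).decode("ascii")
        if self.state == "login":
            self.user, self.state = text, "password"
            return b"Password: "
        if self.state == "password":
            self.log(self.peer, "credentials", {"user": self.user, "password": text})
            self.state = "shell"   # assumption: accept any guess, run nothing
            return b"\r\n$ "
        self.log(self.peer, "command", {"line": text})
        return b"$ "

def log_json(peer, kind, data, path="fake-telnetd.log"):   # hypothetical log path
    with open(path, "a") as fh:
        fh.write(json.dumps({"ts": time.time(), "peer": peer, "kind": kind, **data}) + "\n")

async def handle(reader, writer):
    session = FakeLogin(writer.get_extra_info("peername")[0], log_json)
    writer.write(session.BANNER)
    try:
        for _ in range(MAX_LINES):
            await writer.drain()
            raw = await asyncio.wait_for(reader.readline(), timeout=30)
            if not raw:
                break
            writer.write(session.feed(raw))
    except (asyncio.TimeoutError, OSError, ValueError):   # slow, dropped or oversized
        pass
    finally:
        writer.close()

async def main(port=2323):   # assumed unprivileged port; redirect tcp/23 to it
    async with await asyncio.start_server(handle, "0.0.0.0", port, limit=4096) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Run it as an unprivileged user whose only writable file is the log, since the listener is exposed to hostile input by design.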